h1. Completing the Sun Java System Messaging Server 7 Update 1 Installation: Initial Configuration
This document describe the configuration and migration steps you must perform, after installation, before you can use Messaging Server. This document assumes that you have read the [_Sun Java Communications Suite 5 Deployment Planning Guide_|http://docs.sun.com/doc/819-4439] and installed Messaging Server. Performing the following tasks should get you to a point where you have a functioning Messaging Server. You will still want to customize your deployment as well as provision and perhaps migrate users and groups. Provisioning is described in the _[CommSuite:Delegated Administrator Administration Guide]_.
This document includes the following sections:
{toc:minLevel=2|maxLevel=2}
h2. {anchor:FWBZC} Creating UNIX System Users and Groups
System users run specific server processes, and privileges need to be given to these users so that they have appropriate permissions for the processes they are running.
Set up a system user account and group for all Sun Java System servers, and set permissions for the directories and files owned by that user. To do so, follow the steps below.
{info:title=Note}For security reasons, in some deployments it may be desirable to have different system administrators for different servers. This is done by creating different system users and groups per server. For example, the system user for Messaging Server would be different from the system user for Web Server, and system administrators Messaging Server would not be able to administer the Web Server.{info}
h6. To Create UNIX System Users and Groups
# Log in as {{root}}.
# Create a group to which your system users will belong.
In the following example, the {{mail}} group is created:
{code}
# groupadd mail
{code}
# Create the system user and associate it with the group you just created. In addition, set the password for that user.
In the following example, the user {{mailsrv}} is created and associated with the {{mail}} group:
{code}
# useradd -g mail mailsrv
{code}
{{useradd}} and {{usermod}} commands are in {{/usr/sbin}}. See UNIX man pages for more information.
# You might also need to check the {{/etc/group}} and {{/etc/passwd}} files to be sure that the user has been added to the system group that you created.
{info:title=Note}Should you decide not to set up UNIX system users and groups prior to installing Messaging Server, you will be able to specify them when you run the [#Creating the Initial Messaging Server Runtime Configuration].{info}
h2. To Prepare Directory Server for Messaging Server Configuration
For more information on directory preparation and the directory preparation script {{comm_dssetup.pl}}, see [Communications Suite Directory Server Setup Script (comm_dssetup.pl)]. The {{comm_dssetup.pl}} script prepares the Directory Server by setting up new schema, index, and data in your Directory Server. It must be run for new installations of Messaging Server and Communications Express. It is also a good idea to run the latest {{comm_dssetup.pl}} if you are upgrading any of the component products that depend on Directory Server.
h2. Creating the Initial Messaging Server Runtime Configuration
The initial runtime configuration program provides a configuration to get your Messaging Server up and running. It is meant to create an _initial runtime configuration_ to setup a generic functional messaging server configuration. Thus it gives you a base working configuration from which you can make your specific customizations. The program is only meant to be run once. Subsequent running of this program will result in your configuration being overwritten. To modify your initial runtime configuration, use the configuration utilities described here and in the [_Sun Java System Messaging Server 6.3 Administration Reference_|http://docs.sun.com/doc/819-4429].
h3. Messaging Server Prerequisites
Before running the initial runtime configuration program, you must:
* Install and configure the Directory Server. (See the [_Sun Java Enterprise System 5 Installation Guide for UNIX_|http://docs.sun.com/doc/819-4891].)
* Run the {{comm_dssetup.pl}} program. See [Communications Suite Directory Server Setup Script (comm_dssetup.pl)].
* Record your Administration and Directory installation and configuration parameters in the checklists supplied in [Configuration Worksheets - Messaging Server].
h3. Messaging Server Configuration Checklist
When you run the Messaging Server initial runtime configuration program, record your parameters in [CommSuite6:Installation Worksheets - Directory Server]. To answer certain questions, refer to your Directory Server installation checklists in [Configuration Worksheets - Messaging Server].
h6. To Run the Configure Program
This procedure walks you through configuring the Messaging Server initial runtime configuration.
# Ensure in your setup that DNS is properly configured and that it is clearly specified how to route to hosts that are not on the local subnet.
#* The {{/etc/defaultrouter}} should contain the IP address of the gateway system. This address must be on a local subnet.
#* The {{/etc/resolv.conf}} exists and contains the proper entries for reachable DNS servers and domain suffixes.
#* In {{/etc/nsswitch.conf}}, the {{hosts:}} and {{ipnodes:}} line has the {{files}}, {{dns}} and {{nis}} keywords added. The keyword {{files}} must precede {{dns}} and {{nis}}. So if the lines look like this:
{code}
hosts: nis dns files
ipnodes: nis dns files
{code}
They should be changed to this:
{code}
hosts: files nis dns
ipnodes: files nis dns
{code}
#* Make sure that the FQDN is the first host name in the {{/etc/hosts}} file.
If your Internet host table in your {{/etc/hosts}} file looks like this:
{code}
123.456.78.910 budgie.west.sesta.com
123.456.78.910 budgie loghost mailhost
{code}
Change it so that there is only one line for the IP address of the host. Be sure the first host name is a fully qualified domain name. For example:
{code}
123.456.78.910 budgie.west.sesta.com budgie loghost mailhost
{code}
#* You can verify that the lines are read correctly by running the following commands:
{code}
# getent hosts <ip_address>
# getent ipnodes <ip_address>
{code}
If the lines are read correctly, you should see the IP address followed by the FQDN and then the other values. For example:
{code}
# getent hosts 192.18.126.103
192.18.126.103 budgie.west.sesta.com budgie loghost mailhost
{code}
# Invoke the Messaging Server initial runtime configuration with the following command:
{code}
<msg-svr-base>/sbin/configure <options>
{code}
You might need to use the {{xhost}}(1) command if you are configuring Messaging Server on a remote system.
The following table describes options you can set with the {{configure}} program:
||Option||Description||
|\-nodisplay|Invokes a command-line configuration program.|
|\-noconsole|Invokes a GUI user interface program.|
|\-novalidate|No text field validation is performed.|
|\-saveState \[_statefile_\]|Saves state of installer input.|
|\-state \[_statefile_\] |Uses a silent installation file. Must be used with \-nodisplay and \-noconsole flags. See [#To Perform a Silent Installation].|
|\-debug|Provides general debug info.|
# The Welcome panel appears.
The first panel in the configure program is a copyright page. Select Next to continue or Cancel to exit. If you didn't configure the administration server (Messaging Server 2005Q4 or earlier only) you will be warned, select okay to continue.
# Type the Fully Qualified Host Name (FQHN).
This is the machine on which Messaging Server will operate. When you installed the server, you might have specified the physical host name. However, if you are installing a cluster environment, use the logical hostname. Here is the chance to change what you originally specified.
# Select directory to store configuration and data files.
Select the directory where you want to store the Messaging Server configuration and data files. Specify a pathname that is not under the _msg-svr-base_. Symbolic links will be created under _msg-svr-base_ to the configuration and data directory. For more information on these symbolic links, see [#Post-Installation Directory Layout].
Make sure you have large enough disk space set aside for these files.
# You will see a small window indicating that components are being loaded.
This might take a few minutes.
# Select Components to Configure.
Select the Messaging Serer components that you want to configure.
#* Message Transfer Agent: Handles routing, delivering user mail, and handling SMTP authentication. The MTA provides support for hosted domains, domain aliases, and server-side filters.
#* Message Store: Provides the foundation for unified messaging services through its universal Message Store. Access to the message store is available through multiple protocols (HTTP, POP, IMAP). If you are only configuring a Message Store, you must also select the MTA.
#* Webmail Server: Handles the HTTP protocol retrieval of messages from the Message Store. This component is also used by Convergence and Communications Express to provide web-based access to end users.
#* Messaging Multiplexor: Acts as a proxy to multiple messaging server machines within an organization. Users connect to the Multiplexor server, which redirects each connection to the appropriate mail server. This component is not enabled by default. If you do check the MMP as well as the Message Store, they will be enabled on the same system; a warning message will appear for you to change your port numbers after configuration. For instructions on doing so, see [#Post-Installation Port Numbers].
To configure the MMP, see [Configuring and Administering Multiplexor Services|http://docs.sun.com/app/docs/doc/819-4428/bgafa?a=view].
Check any components you want to configure, and uncheck those components you do not want to configure.
# Type the system user name and the group that will own the configured files.
For information on setting up system users and groups, see [#Creating UNIX System Users and Groups].
# Configuration Directory Server Panel.
# User/Group Directory Server Panel
Type your Users and Groups Directory LDAPURL, and administrator ID and Password to bind as.
Gather the User/Group Server LDAPURL information from the host and post number information from your Directory Server installation. See the [Directory Server Installation Worksheet|CommSuite6U1:Installation Worksheets - Directory Server].
The Directory Manager has overall administrator privileges on the Directory Server and all Sun Java System servers that make use of the Directory Server (for example, the Messaging Server) and has full administration access to all entries in the Directory Server. The default and recommended Distinguished Name (DN) is {{cn=Directory Manager}} and is set during Directory Server configuration
If you are installing against a replicated Directory Server instance, you must specify the credentials of the replica, not the master directory.
# You are prompted for the Postmaster Email Address.
Type a Postmaster Email Address.
Select an address that your administrator actively monitors. For example, {{pma@siroe.com}} for a postmaster on the {{siroe}} domain. This address cannot begin with "Postmaster."
The user of the email address is not automatically created. Therefore, you need create it later by using a provisioning tool.
# You are prompted for the password for administrator accounts.
Type an initial password that will be used for service administrator, server, user/group administrator, end user administrator privileges as well as PAB administrator and SSL passwords.
After the initial runtime configuration, you might change this password for individual administrator accounts. For more information, see [To Modify Your Passwords|http://docs.sun.com/app/docs/doc/819-4428/bgacw?a=view].
# You are prompted for the Default Email Domain.
Type a Default Email Domain.
This email domain is the default that is used if no other domain is specified. For example, if {{siroe.com}} is the default email domain, then the domain to which messages addressed to user IDs without a domain will be sent.
If you are using the Delegated Administrator CLI, the command-line interface for provisioning users and groups with Sun LDAP Schema 2, you will want to specify the same default domain during its configuration. For more information, see [CommSuite:Delegated Administrator Administration Guide].
# You are prompted for the Organization DN.
Type an Organization DN under which users and groups will be created. The default is the email domain prepended to the user/group suffix.
For example, if your user/group suffix is {{o=usergroup}}, and your email domain is {{siroe.com}}, then the default is {{o=siroe.com, o=usergroup}} (where {{o=usergroup}} is your user/group Directory suffix which was specified in [#Creating UNIX System Users and Groups].
If you choose the same user/group Directory suffix as your Organization DN, you might have migration problems if you decide to create a hosted domain. If you want to set up a hosted domain during initial runtime configuration, then specify a DN one level below the User/Group suffix.
# The Ready to Configure panel appears.
The configuration program checks for enough disk space on your machine and then outline the components it is ready to configure.
To configure the Messaging components, select Configure Now. To change any of your configuration variables, select Back. Or to exit from the configuration program, select Cancel.
# The Starting Task Sequence, Sequence Completed, and Installation Summary Panels appear.
You can read the installation status by selecting Details on the final Installation Summary page. To exit the program, select Close.
A log file is created in _msg-svr-base_{{/install/configure_}}_YYYYMMDDHHMMSS_{{.log}}, where _YYYYMMDDHHMMSS_ identifies the 4-digit year, month, date, hour, minute, and second of the configuration.
An initial runtime configuration is now set up for your Messaging Server. To change any configuration parameter, refer to other parts of this document for instructions on doing so.
To start Messaging Server, use the following command:
{code}
<msg-svr-base>/sbin/start-msg
{code}
h6. To Perform a Silent Installation
The Messaging Server initial runtime configuration program automatically creates a silent installation _state_ file (called {{saveState}}) that can be used to quickly configure additional Messaging Server instances in your deployment where the Messaging Server packages have been installed. All of your responses to the configuration prompts are recorded in that file.
By running the silent installation, you instruct the {{configure}} program to read the silent installation state file. The {{configure}} program uses the responses in this file rather than ask the same installation questions again for subsequent initial runtime configurations of Messaging Server. When you use the state file in a new installation, you are not asked any questions. Instead, all of the state file responses are automatically applied as the new installation parameters.
The silent installation {{saveState _statefile_}} file is stored in the _msg-svr-base_{{/install/configure_}}_YYYYMMDDHHMMSS_ directory, where _YYYYMMDDHHMMSS_ identifies the 4-digit year, month, date, hour, minute, and second of the {{saveState}} file.
To use the silent installation _statefile_ to configure another Messaging Server instance on another machine in the deployment, follow these steps:
# Copy the silent installation _statefile_ to a temporary area on the machine where you are performing the new installation.
# Review and edit the silent installation _statefile_ as necessary.
You will probably want to change some of the parameters and specifications in the _statefile_. For example, the default email domain for the new installation may be different than the default email domain recorded in the _statefile_. Remember that the parameters listed in the _statefile_ are automatically applied to this installation.
# Run the following command to configure other machines with the silent installation file:
{code}
<msg-svr-base>/sbin/configure -nodisplay -noconsole -state <statefile>
{code}
where _statefile_ is file name of the {{saveState}} file, including the full path to the file. (See Step 1 of this section).
{info:title=Note}After running the silent installation program, a new _statefile_ is created from the silent installation in the _msg-svr-base_{{/install/configure_}}_YYYYMMDDHHMMSS_{{/saveState}} directory, where _YYYYMMDDHHMMSS_ identifies the 4-digit year, month, date, hour, minute, and second of the directory containing the {{saveState}} file.
{info}
h2. Installing Messaging Server Against a Directory Server Replica
The following conditions might prevent you from installing Messaging Server against a Directory Server master:
* You do not have Directory Server master credentials.
* Messaging Server cannot communicate directly with the Directory Server master.
h6. To Install Messaging Server Against a Directory Server Replica
# Run the {{comm_dssetup.pl}} program against all Directory Servers including the Directory Server replicas (see [Communications Suite Directory Server Setup Script (comm_dssetup.pl)]).
# Run the Messaging {{configure}} program using the replicated Directory Server credentials as described in [#Creating the Initial Messaging Server Runtime Configuration].
By default, this program is located in the _msg-svr-base_{{/sbin/configure}} directory.
Because of invalid privileges, the {{configure}} program fails in trying to configure the Directory Server Administrators. It does, however, produce the _msg-svr-base_{{/config/*.ldif}} files that are needed to allow proper privileges to the Directory Server replicas.
# Move the {{*.ldif}} files to the Directory Server master.
# Run the {{ldapmodify}} command on the {{*.ldif}} files.
See the Sun Java System Directory Server documentation for more information on {{ldapmodify}} or in the _msg-svr-base_{{/install/configure__YYYYMMDDHHMMSS_.log}}.
# Run the {{configure}} program again.
Your Directory Server replica (and master) are now configured to work with your Messaging Server.
h2. Installing Messaging Server Provisioning Tools
The following sections provide a summary of install information about the supported provisioning tools:
{toc-zone:minLevel=3|maxLevel=3|location=top|type=list}
h3. Understanding Schema and Provisioning Options
To learn more about the schema and provisioning options for Messaging Server and Communications Suite, see [Chapter 8, Understanding Schema and Provisioning Options|http://docs.sun.com/app/docs/doc/819-4439/acrfi?a=view], in the Sun Java Communications Suite 5 Deployment Planning Guide.
{excerpt:hidden=true}
(Note: Hiding this info for now. It is duplicated from http://docs.sun.com/app/docs/doc/819-2650/6n4u4dtlp?a=view. This page no longer should speak to iPlanet Delegated Administrator.)
Two GUI provisioning tools are available for Messaging Server, the iPlanet Delegated Administrator (Sun LDAP Schema 1) and the Communications Services Delegated Administrator (Sun LDAP Schema 2). This section discusses the former. For details on the latter see the [CommSuite:Delegated Administrator Administration Guide].\\
\\To install the iPlanet Delegated Administrator (Sun LDAP Schema 1), you need to download it from the Sun Software page. Contact your Sun Java System representative for information on the download location information.
{info:title=Note}
The iPlanet Delegated Administrator can only be installed after Messaging Server and Web Server are installed and configured. For more information on installing iPlanet Delegated Administrator, see the iPlanet Delegated Administrator documentation.\\
\\iPlanet Delegated Administrator is only available for those customers with existing Messaging Server 5.x installations and who are currently installing Messaging Server 6. It is not available to those customers new to the Messaging Server product.\\
\\iPlanet Delegated Administrator must be used with Sun Java System Web Server 6.0 (which is only bundled with the previous Messaging Server 5.2 product). You cannot use Web Server 6.1 (bundled with the Java Enterprise System installer) with iPlanet Delegated Administrator.
{info}
{info:title=Note}
When you install the following products, use the Java Enterprise System installer. Note that some of these products have their own configuration whereas other product configurators are embedded in the Java Enterprise System installer/configurator. For more information, refer to specific product documentation.
{info}
h6. To Install iPlanet Delegated Administrator
# Be sure that Sun Java System Directory Server 5.2 is installed and configured.
For more information, read the appropriate _Sun Java System Directory Server Installation Guide_.
# Install and configure Messaging Server.\\
\\Messaging Server will detect that you are using Sun LDAP Schema 1 since Sun Java System Access Manager will not be installed.
# Install Sun Java System Web Server 6.0 from your previous Messaging Server 5.2 bundle.\\
\\Review the Sun Java System Web Server documentation and the Sun Java System Delegated Administrator documentation.
# Install iPlanet Delegated Administrator for Messaging 1.2 Patch 2. \\
\\Contact your Sun support representative to obtain the latest version.\\
\\Refer to the iPlanet Delegated Administrator documentation.
{excerpt}
h3. LDAP Provisioning Tools
Sun LDAP Schema 1 users and groups can be provisioned using the LDAP Directory tools (Schema 2 is not supported).
h6. To Install Schema 1 LDAP Provisioning Tools
# If Directory Server is not already installed, be sure to install and configure it.
For more information, refer to the [_Sun Java Enterprise System 5 Installation Guide for UNIX_|http://docs.sun.com/doc/819-4891].
# Configure Access Manager to recognize data in your Directory Server.
Before Access Manager can recognize the data in your LDAP directory, you must add special object classes to entries for all organizations, groups and users that will be managed by Access Manager. If you have not done this already, do it before you start provisioning new accounts. Sample scripts are bundled in the Access Manager product to help you automatically add these object classes to your directory. For more information on these post-installation steps, see the _Sun Java System Access Manager Migration Guide_.
# Install and configure Messaging Server with help from this guide.
Messaging Server detects which Sun Java System LDAP Schema you are using, depending on whether or not Access Manager is installed.
# Install and configure Sun Java System Web Server 6.1 to enable mail filtering in Messenger Express.
For more information on enabling mail filtering, see [#Configuring Messenger Express and Communications Express Mail Filters].
Though mail filtering is not a provisioning tool, its functionality existed in the previous GUI version of Delegated Administrator for Messaging.
# Refer to the Sun Java System Messaging Server documentation to perform LDAP provisioning.
For Sun LDAP Schema 1 LDAP provisioning, use the [_iPlanet Messaging Server 5.2 Provisioning Guide_|http://docs.sun.com/doc/816-6018-10] and [CommSuite:Communications Suite Schema Reference], which contains object classes and attributes for both Sun LDAP Schema 1 and v.2.
{toc-zone}
h2. SMTP Relay Blocking
By default, Messaging Server is configured to block attempted SMTP relays; that is, it rejects attempted message submissions to external addresses from unauthenticated external sources (external systems are any other system than the host on which the server itself resides). This default configuration is quite aggressive in blocking SMTP relaying in that it considers all other systems to be external systems.
After installation, it is important to manually modify your configuration to match the needs of your site. Specifically, your messaging server should recognize its own internal systems and subnets from which SMTP relaying should always be accepted. If you do not update this configuration, you might encounter problems when testing your MTA configuration.
IMAP and POP clients that attempt to submit messages via Messaging Server system's SMTP server destined for external addresses, and which do not authenticate using SMTP AUTH (SASL), will find their submission attempts rejected. Which systems and subnets are recognized as internal is typically controlled by the {{INTERNAL_IP}} mapping table, which may be found in the _msg-svr-base{{_/config/mappings}} file.
For instance, on a Messaging Server system whose IP address is {{192.45.67.89}}, the default {{INTERNAL_IP}} mapping table would appear as follows:
{code}
INTERNAL_IP
$(192.45.67.89/32) $Y
127.0.0.1 $Y
* $N
{code}
The initial entry, using the {{$(IP-pattern/significant-prefix-bits)}} syntax, is specifying that any IP address that matches the full 32 bits of {{192.45.67.89}} should match and be considered internal. The second entry recognizes the loopback IP address {{127.0.0.1}} as internal. The final entry specifies that all other IP addresses should not be considered internal.
You can add additional entries by specifying additional IP addresses or subnets before the final {{$N}} entry. These entries must specify an IP address or subnet (using the {{$(.../...)}} syntax to specify a subnet) on the left side and {{$Y}} on the right side. Or you may modify the existing {{$(.../...)}} entry to accept a more general subnet.
For instance, if this same sample site has a class C network, that is, it owns all of the {{192.45.67.0}} subnet, then the site would want to modify the initial entry so that the mapping table appears as follows:
{code}
INTERNAL_IP
$(192.45.67.89/24) $Y
127.0.0.1 $Y
* $N
{code}
Or if the site owns only those IP addresses in the range {{192.45.67.80-192.45.67.99}}, then the site would want to use:
{code}
INTERNAL_IP
! Match IP addresses in the range 192.45.67.80-192.45.67.95
$(192.45.67.80/28) $Y
! Match IP addresses in the range 192.45.67.96-192.45.67.99
$(192.45.67.96/30) $Y
127.0.0.1 $Y
* $N
{code}
Note that the _msg-svr-base_{{/sbin/}}{{imsimta \-test\-match}} utility can be useful for checking whether an IP address matches a particular {{$(.../...)}} test condition. The {{imsimta test \-mapping}} utility can be more generally useful in checking that your {{INTERNAL_IP}} mapping table returns the desired results for various IP address inputs.
After modifying your {{INTERNAL_IP}} mapping table, be sure to issue the _msg-svr-base/_{{sbin/imsimta cnbuild}} and the _msg-svr-base_{{/_sbin/}}{{imsimta \-restart}} utilities so that the changes take effect.
Further information on the mapping file and general mapping table format, as well as information on {{imsimta}} command line utilities, can be found in [Chapter 2, Message Transfer Agent Command-line Utilities|http://docs.sun.com/doc/819-4429/acmev?a=view], in the _Sun Java System Messaging Server 6.3 Administration Reference_. In addition, information on the {{INTERNAL_IP}} mapping table can be found in [To Add SMTP Relaying|http://docs.sun.com/app/docs/doc/819-4428/bgauv?a=view].
h2. Enabling Startup After a Reboot
You can enable Messaging Server startup after system reboots by using the bootup script: _msg-svr-base{{_/lib/}}{{Sun_MsgSvr}}. That is, by default, Messaging Server will not restart after a system reboot unless you run this script. In addition, this script can also start up your MMP, if enabled.
h6. To Enable Messaging Server After a Reboot
# Copy the {{Sun_MsgSvr}} script into the {{/etc/init.d}} directory.
# Change the following ownerships and access modes of the {{Sun_MsgSvr}} script:
||Ownership (chown(1M))||Group Ownership (chgrp(1M))||Access Mode (chmod(1M)) ||
|{{root}} (superuser)|{{sys}}|0744|
# Go to the {{/etc/rc2.d}} directory and create the following link:
{code}
ln /etc/init.d/Sun_MsgSvr S92Sun_MsgSvr
{code}
# Go to the {{/etc/rc0.d}} directory and create the following link:
{code}
ln /etc/init.d/Sun_MsgSvr K08Sun_MsgSvr
{code}
h2. Handling sendmail Clients
If end users send messages through {{sendmail}} clients, you can configure Messaging Server to work with those clients over protocol. Users can continue to use the UNIX {{sendmail}} client.
To create compatibility between sendmail clients and Messaging Server, you can create and modify a {{sendmail}} configuration file.
Each time a new {{sendmail}} patch is applied to your system, you will need to modify the {{submit.cf}} file as described in [#To Create the sendmail Configuration File on Solaris OS 9 Platforms]. On Solaris 8, follow the instructions in [#To Obtain the Proper Version of the /usr/lib/sendmail on Solaris OS 8].
When you installed previous versions of Messaging Server, the {{/usr/lib/sendmail}} binary was replaced with a component of the Messaging Server product. In Messaging Server 6.0 to the current version, this replacement during install is no longer necessary. Therefore, you may need to obtain the proper version of the {{/usr/lib/sendmail}} binary from the most current sendmail patch.
On Solaris OS 9 platforms, {{sendmail}} is no longer a {{setuid}} program. Instead, it is a {{setgid}} program.
h6. To Obtain the Proper Version of the /usr/lib/sendmail on Solaris OS 8
# Find the file {{main-v7sun.mc}} file in directory {{/usr/lib/mail/cf}} and create a copy of this file.
In the example in this section, a copy called {{sunone-msg.mc}} is created.
# In the {{sunone-msg.mc}} file, add the following lines before the {{MAILER}} macros:
{code}
FEATURE(`nullclient’, `smtp:rhino.west.sesta.com’)dnl
MASQUERADE_AS(`west.sesta.com’)dnl
define(`confDOMAIN_NAME’, `west.sesta.com’)dnl
{code}
{{rhino.west.sesta.com}} is the localhost name and {{west.sesta.com}} is the default email domain as described in [#Creating the Initial Messaging Server Runtime Configuration]. In an HA environment, use the logical host name. See [CommSuite:Configuring Messaging Server for High Availability] for more information about logical hostnames for high availability.
# Compile the {{sunone-msg.mc}} file:
{code}
/usr/ccs/bin/make sunone-msg.cf
{code}
The {{sunone-msg.mc}} will output {{sunone-msg.cf}}.
# Make a backup copy of the existing {{sendmail.cf}} file located in the {{/etc/mail}} directory.
## Copy and rename {{/usr/lib/mail/cf/sunone-msg.cf}} to {{sendmail.cf}} file.
## Move the new {{sendmail.cf}} file to the {{/etc/mail}} directory.
h6. To Create the sendmail Configuration File on Solaris OS 9 Platforms
# Find the file {{submit.mc}} file in directory {{/usr/lib/mail/cf}} and create a copy of this file.
In the example in this section, a copy called {{sunone-submit.mc}} is created.
# Change the following line in the file {{sunone-submit.mc:}}
{code}
FEATURE("msp’)dn
{code}
to
{code}
FEATURE("msp’, "rhino.west.sesta.com’)dnl
{code}
where {{rhino.west.sesta.com}} is the localhost name.
{{rhino.west.sesta.com}} is the localhost name and {{west.sesta.com}} is the default email domain as described in [#Creating the Initial Messaging Server Runtime Configuration]. In an HA environment, use the logical host name. See [CommSuite:Configuring Messaging Server for High Availability] for more information about logical hostnames for high availability.
# Compile the {{sunone-submit.mc}} file:
{code}
/usr/ccs/bin/make sunone-submit.cf
{code}
The {{sunone-submit.mc}} will output {{sunone-submit.cf}}.
# Make a backup copy of the existing {{submit.cf}} file in the {{/etc/mail}} directory.
## Copy and rename {{/usr/lib/mail/cf/sunone-submit.cf}} file to {{submit.cf}} file.
## Move the new {{submit.cf}} file to the {{/etc/mail}} directory.
h2. Configuring Messenger Express and Communications Express Mail Filters
Mail filters are accessible through Messenger Express and Communications Express. There is no need to deploy the {{.war}} file if you use only Communications Express, but to deploy the mail filters within Messenger Express you need to issue the following commands:
_If using Web Server as your web container:_
{code}
# cd <web-svr-base>/bin/https/httpadmin/bin
# ./wdeploy deploy -u /MailFilter -i https-<srvr>_instance -v https-virtual_<srvr>_instance <msg-svr-base>/SUNWmsgmf/MailFilter.war
{code}
_If using Application Server as your Web container:_
{code}
# cd <app-svr-base>/sbin
# ./asadmin
asadmin> deploy --user admin <msg-svr-base>/SUNWmsgmf/MailFilter.war
{code}
In both cases, set the following {{configutil}} parameter and restart {{mshttpd}}:
{code}
# cd <msg-svr-base>/sbin
# ./configutil -o "local.webmail.sieve.port" -v "<WS-port-no>|<AS-port-no>"
# ./stop-msg http
# ./start-msg http
{code}
Information on mail filters for end-users is available in the Messenger Express and Communications Express online help files.
h2. Performance and Tuning
Refer to [Performance Considerations for a Messaging Server Architecture|http://docs.sun.com/doc/819-4439/acriq?a=view] in the _Sun Java Communications Suite 5 Deployment Planning Guide_.
h2. Post-Installation Directory Layout
After installing the Sun Java System Messaging Server, its directories and files are arranged in the organization described in the following table. The table is not exhaustive; it shows only those directories and files of most interest for typical server administration tasks.
h6. Post-Installation Directories and Files
||Directory||Default Location and Description||
|Messaging Server Base\\
\\(_msg_svr_base_)|{{/opt/sun/comms/messaging/}} or {{/opt/sun/comms/messaging64/}}\\
\\(default location)\\
\\The directory on the Messaging Server machine dedicated to holding the server program, configuration, maintenance, and information files.\\
\\Only one Messaging Server Base directory per machine is permitted.|
|Configuration\\
\\ {{config}}|{{_msg_svr_base_/config/}}\\
\\Contains all of the Messaging Server configuration files such as the {{imta.cnf}} and the {{msg.conf}} files.\\
\\On Solaris and Linux platforms only: This directory is symbolically linked (on UNIX platforms) to the {{config}} subdirectory of the data and configuration directory (default: {{/var/opt/sun/comms/messaging/}}) or {{/var/opt/sun/comms/messaging64/}} that you specified in the initial runtime configuration.|
|Log\\
\\ {{log}}|{{_msg_svr_base_/log/}}\\
\\Contains the Messaging Server log files like the {{mail.log_current}} file.\\
\\On Solaris and Linux platforms only: This directory is symbolically linked (on UNIX platforms) to the {{log}} subdirectory of the data and configuration directory (default: {{/var/opt/sun/comms/messaging/}}) or {{/var/opt/sun/comms/messaging64/}} that you specified in the initial runtime configuration.|
|Data\\
\\ {{data}}|{{_msg_svr_base_/data/}}\\
\\(required location)\\
\\Contains databases, configuration, log files, site-programs, queues, store and message files.\\
\\The {{data}} directory includes the {{config}} and {{log}} directories.\\
\\On Solaris and Linux platforms only: This directory is symbolically linked (on UNIX platforms) to the data and configuration directory (default: {{/var/opt/sun/comms/messaging/}} or {{/var/opt/sun/comms/messaging64}}) that you specified in the initial runtime configuration.|
|System Administrator Programs\\
\\ {{sbin}}|{{_msg_svr_base_/sbin/}}\\
\\(required location)\\
\\Contains the Messaging Server system administrator executable programs and scripts such as {{imsimta}}, {{configutil}}, {{stop-msg}}, {{start-msg}}, and {{uninstaller}}.|
|Library\\
\\ {{lib}}|{{_msg_svr_base_/lib/}}\\
\\(required location)\\
\\Contains shared libraries, private executable programs and scripts, daemons, and non-customizable content data files. For example: {{imapd}} and {{qm_maint.hlp.}}|
|SDK Include Files\\
\\ {{include}}|{{_msg_svr_base_/include/}}\\
\\(required location)\\
\\Contains Messaging header files for Software Development Kits (SDK).|
|Examples\\
\\ {{examples}}|{{_msg_svr_base_/examples/}}\\
\\(required location)\\
\\Contains the examples for various SDKs, such as Messenger Express AUTH SDK.|
|Installation Data\\
\\ {{install}}|{{_msg_svr_base_/install/}}\\
\\(required location)\\
\\Contains installation-related data files such as installation log files, silent installation files, factory default configuration files, and the initial runtime configuration log files.|
h2. Post-Installation Port Numbers
In the installation and initial runtime configuration programs, port numbers will be chosen for various services. These port numbers can be any number from 1 to 65535. The following table lists the port numbers that are designated after installation.
h6. Port Numbers Designated During Installation
||Port Number||Service ({{configutil}} parameter)||
|389|Standard Directory Server LDAP Port on the machine where you install Directory Server. This port is specified in the Directory Server installation program. ({{local.ugldapport}})|
|110|Standard POP3 Port. This port may conflict with the MMP port if installed on the same machine. ({{service.pop.port}})|
|143|Standard IMAP4 Port. This port may conflict with the MMP port if installed on the same machine. ({{service.imap.port}})|
|25|Standard SMTP Port. ({{service.http.smtpport}})|
|80|Messenger Express HTTP Port. This port may conflict with the Web Server port if installed on the same machine. ({{service.http.port}})|
|995|POP3 over SSL port. For encrypted communications. ({{service.pop.sslport}})|
|993|IMAP over SSL Port. For encrypted communications. This port may conflict with the MMP port if installed on the same machine. ({{service.imap.sslport}})|
|443|HTTP over SSL Port. For encrypted communications. ({{service.http.sslport}})|
|7997|Messaging and Collaboration Event Notification Service (ENS) Port.|
|27442|Port that is used by the Job Controller for internal product communication.|
|49994|Port that is used by the Watcher for internal product communication. See the?? Sun Java System Messaging Server Administration Guide?? for more information on the Watcher. ({{local.watcher.port}})|
If certain products are installed on the same machine, you will encounter port number conflicts. The following table shows potential port number conflicts.
h6. Potential Port Number Conflicts
||Conflicting Port Number||Port||Conflicting Port||
|995|POP3 over SSL|MMP POP3 Proxy with SSL|
|143|IMAP Server|MMPIMAP Proxy|
|110|POP3 Server|MMPPOP3 Proxy|
|993|IMAP over SSL|MMPIMAP Proxy with SSL|
|80|Web Server port|Messenger Express|
If possible, you should install products with conflicting port numbers on separate machines. If you are unable to do so, then you will need to change the port number of one of the conflicting products.
h6. To Change Port Numbers
# Use the {{configutil}} utility to change port numbers.
See [configutil|http://docs.sun.com/doc/819-4429/acmat?a=view] in the _Sun Java System Messaging Server 6.3 Administration Reference_ for complete syntax and usage.
h6. Example: Changing the Messenger Express HTTP Port Number
The following example uses the {{service.http.port}} {{configutil}} parameter to change the Messenger Express HTTP port number to {{8080}}.
{code}
configutil -o service.http.port -v 8080
stop-msg http
start-msg http
{code}
This document describe the configuration and migration steps you must perform, after installation, before you can use Messaging Server. This document assumes that you have read the [_Sun Java Communications Suite 5 Deployment Planning Guide_|http://docs.sun.com/doc/819-4439] and installed Messaging Server. Performing the following tasks should get you to a point where you have a functioning Messaging Server. You will still want to customize your deployment as well as provision and perhaps migrate users and groups. Provisioning is described in the _[CommSuite:Delegated Administrator Administration Guide]_.
This document includes the following sections:
{toc:minLevel=2|maxLevel=2}
h2. {anchor:FWBZC} Creating UNIX System Users and Groups
System users run specific server processes, and privileges need to be given to these users so that they have appropriate permissions for the processes they are running.
Set up a system user account and group for all Sun Java System servers, and set permissions for the directories and files owned by that user. To do so, follow the steps below.
{info:title=Note}For security reasons, in some deployments it may be desirable to have different system administrators for different servers. This is done by creating different system users and groups per server. For example, the system user for Messaging Server would be different from the system user for Web Server, and system administrators Messaging Server would not be able to administer the Web Server.{info}
h6. To Create UNIX System Users and Groups
# Log in as {{root}}.
# Create a group to which your system users will belong.
In the following example, the {{mail}} group is created:
{code}
# groupadd mail
{code}
# Create the system user and associate it with the group you just created. In addition, set the password for that user.
In the following example, the user {{mailsrv}} is created and associated with the {{mail}} group:
{code}
# useradd -g mail mailsrv
{code}
{{useradd}} and {{usermod}} commands are in {{/usr/sbin}}. See UNIX man pages for more information.
# You might also need to check the {{/etc/group}} and {{/etc/passwd}} files to be sure that the user has been added to the system group that you created.
{info:title=Note}Should you decide not to set up UNIX system users and groups prior to installing Messaging Server, you will be able to specify them when you run the [#Creating the Initial Messaging Server Runtime Configuration].{info}
h2. To Prepare Directory Server for Messaging Server Configuration
For more information on directory preparation and the directory preparation script {{comm_dssetup.pl}}, see [Communications Suite Directory Server Setup Script (comm_dssetup.pl)]. The {{comm_dssetup.pl}} script prepares the Directory Server by setting up new schema, index, and data in your Directory Server. It must be run for new installations of Messaging Server and Communications Express. It is also a good idea to run the latest {{comm_dssetup.pl}} if you are upgrading any of the component products that depend on Directory Server.
h2. Creating the Initial Messaging Server Runtime Configuration
The initial runtime configuration program provides a configuration to get your Messaging Server up and running. It is meant to create an _initial runtime configuration_ to setup a generic functional messaging server configuration. Thus it gives you a base working configuration from which you can make your specific customizations. The program is only meant to be run once. Subsequent running of this program will result in your configuration being overwritten. To modify your initial runtime configuration, use the configuration utilities described here and in the [_Sun Java System Messaging Server 6.3 Administration Reference_|http://docs.sun.com/doc/819-4429].
h3. Messaging Server Prerequisites
Before running the initial runtime configuration program, you must:
* Install and configure the Directory Server. (See the [_Sun Java Enterprise System 5 Installation Guide for UNIX_|http://docs.sun.com/doc/819-4891].)
* Run the {{comm_dssetup.pl}} program. See [Communications Suite Directory Server Setup Script (comm_dssetup.pl)].
* Record your Administration and Directory installation and configuration parameters in the checklists supplied in [Configuration Worksheets - Messaging Server].
h3. Messaging Server Configuration Checklist
When you run the Messaging Server initial runtime configuration program, record your parameters in [CommSuite6:Installation Worksheets - Directory Server]. To answer certain questions, refer to your Directory Server installation checklists in [Configuration Worksheets - Messaging Server].
h6. To Run the Configure Program
This procedure walks you through configuring the Messaging Server initial runtime configuration.
# Ensure in your setup that DNS is properly configured and that it is clearly specified how to route to hosts that are not on the local subnet.
#* The {{/etc/defaultrouter}} should contain the IP address of the gateway system. This address must be on a local subnet.
#* The {{/etc/resolv.conf}} exists and contains the proper entries for reachable DNS servers and domain suffixes.
#* In {{/etc/nsswitch.conf}}, the {{hosts:}} and {{ipnodes:}} line has the {{files}}, {{dns}} and {{nis}} keywords added. The keyword {{files}} must precede {{dns}} and {{nis}}. So if the lines look like this:
{code}
hosts: nis dns files
ipnodes: nis dns files
{code}
They should be changed to this:
{code}
hosts: files nis dns
ipnodes: files nis dns
{code}
#* Make sure that the FQDN is the first host name in the {{/etc/hosts}} file.
If your Internet host table in your {{/etc/hosts}} file looks like this:
{code}
123.456.78.910 budgie.west.sesta.com
123.456.78.910 budgie loghost mailhost
{code}
Change it so that there is only one line for the IP address of the host. Be sure the first host name is a fully qualified domain name. For example:
{code}
123.456.78.910 budgie.west.sesta.com budgie loghost mailhost
{code}
#* You can verify that the lines are read correctly by running the following commands:
{code}
# getent hosts <ip_address>
# getent ipnodes <ip_address>
{code}
If the lines are read correctly, you should see the IP address followed by the FQDN and then the other values. For example:
{code}
# getent hosts 192.18.126.103
192.18.126.103 budgie.west.sesta.com budgie loghost mailhost
{code}
# Invoke the Messaging Server initial runtime configuration with the following command:
{code}
<msg-svr-base>/sbin/configure <options>
{code}
You might need to use the {{xhost}}(1) command if you are configuring Messaging Server on a remote system.
The following table describes options you can set with the {{configure}} program:
||Option||Description||
|\-nodisplay|Invokes a command-line configuration program.|
|\-noconsole|Invokes a GUI user interface program.|
|\-novalidate|No text field validation is performed.|
|\-saveState \[_statefile_\]|Saves state of installer input.|
|\-state \[_statefile_\] |Uses a silent installation file. Must be used with \-nodisplay and \-noconsole flags. See [#To Perform a Silent Installation].|
|\-debug|Provides general debug info.|
# The Welcome panel appears.
The first panel in the configure program is a copyright page. Select Next to continue or Cancel to exit. If you didn't configure the administration server (Messaging Server 2005Q4 or earlier only) you will be warned, select okay to continue.
# Type the Fully Qualified Host Name (FQHN).
This is the machine on which Messaging Server will operate. When you installed the server, you might have specified the physical host name. However, if you are installing a cluster environment, use the logical hostname. Here is the chance to change what you originally specified.
# Select directory to store configuration and data files.
Select the directory where you want to store the Messaging Server configuration and data files. Specify a pathname that is not under the _msg-svr-base_. Symbolic links will be created under _msg-svr-base_ to the configuration and data directory. For more information on these symbolic links, see [#Post-Installation Directory Layout].
Make sure you have large enough disk space set aside for these files.
# You will see a small window indicating that components are being loaded.
This might take a few minutes.
# Select Components to Configure.
Select the Messaging Serer components that you want to configure.
#* Message Transfer Agent: Handles routing, delivering user mail, and handling SMTP authentication. The MTA provides support for hosted domains, domain aliases, and server-side filters.
#* Message Store: Provides the foundation for unified messaging services through its universal Message Store. Access to the message store is available through multiple protocols (HTTP, POP, IMAP). If you are only configuring a Message Store, you must also select the MTA.
#* Webmail Server: Handles the HTTP protocol retrieval of messages from the Message Store. This component is also used by Convergence and Communications Express to provide web-based access to end users.
#* Messaging Multiplexor: Acts as a proxy to multiple messaging server machines within an organization. Users connect to the Multiplexor server, which redirects each connection to the appropriate mail server. This component is not enabled by default. If you do check the MMP as well as the Message Store, they will be enabled on the same system; a warning message will appear for you to change your port numbers after configuration. For instructions on doing so, see [#Post-Installation Port Numbers].
To configure the MMP, see [Configuring and Administering Multiplexor Services|http://docs.sun.com/app/docs/doc/819-4428/bgafa?a=view].
Check any components you want to configure, and uncheck those components you do not want to configure.
# Type the system user name and the group that will own the configured files.
For information on setting up system users and groups, see [#Creating UNIX System Users and Groups].
# Configuration Directory Server Panel.
# User/Group Directory Server Panel
Type your Users and Groups Directory LDAPURL, and administrator ID and Password to bind as.
Gather the User/Group Server LDAPURL information from the host and post number information from your Directory Server installation. See the [Directory Server Installation Worksheet|CommSuite6U1:Installation Worksheets - Directory Server].
The Directory Manager has overall administrator privileges on the Directory Server and all Sun Java System servers that make use of the Directory Server (for example, the Messaging Server) and has full administration access to all entries in the Directory Server. The default and recommended Distinguished Name (DN) is {{cn=Directory Manager}} and is set during Directory Server configuration
If you are installing against a replicated Directory Server instance, you must specify the credentials of the replica, not the master directory.
# You are prompted for the Postmaster Email Address.
Type a Postmaster Email Address.
Select an address that your administrator actively monitors. For example, {{pma@siroe.com}} for a postmaster on the {{siroe}} domain. This address cannot begin with "Postmaster."
The user of the email address is not automatically created. Therefore, you need create it later by using a provisioning tool.
# You are prompted for the password for administrator accounts.
Type an initial password that will be used for service administrator, server, user/group administrator, end user administrator privileges as well as PAB administrator and SSL passwords.
After the initial runtime configuration, you might change this password for individual administrator accounts. For more information, see [To Modify Your Passwords|http://docs.sun.com/app/docs/doc/819-4428/bgacw?a=view].
# You are prompted for the Default Email Domain.
Type a Default Email Domain.
This email domain is the default that is used if no other domain is specified. For example, if {{siroe.com}} is the default email domain, then the domain to which messages addressed to user IDs without a domain will be sent.
If you are using the Delegated Administrator CLI, the command-line interface for provisioning users and groups with Sun LDAP Schema 2, you will want to specify the same default domain during its configuration. For more information, see [CommSuite:Delegated Administrator Administration Guide].
# You are prompted for the Organization DN.
Type an Organization DN under which users and groups will be created. The default is the email domain prepended to the user/group suffix.
For example, if your user/group suffix is {{o=usergroup}}, and your email domain is {{siroe.com}}, then the default is {{o=siroe.com, o=usergroup}} (where {{o=usergroup}} is your user/group Directory suffix which was specified in [#Creating UNIX System Users and Groups].
If you choose the same user/group Directory suffix as your Organization DN, you might have migration problems if you decide to create a hosted domain. If you want to set up a hosted domain during initial runtime configuration, then specify a DN one level below the User/Group suffix.
# The Ready to Configure panel appears.
The configuration program checks for enough disk space on your machine and then outline the components it is ready to configure.
To configure the Messaging components, select Configure Now. To change any of your configuration variables, select Back. Or to exit from the configuration program, select Cancel.
# The Starting Task Sequence, Sequence Completed, and Installation Summary Panels appear.
You can read the installation status by selecting Details on the final Installation Summary page. To exit the program, select Close.
A log file is created in _msg-svr-base_{{/install/configure_}}_YYYYMMDDHHMMSS_{{.log}}, where _YYYYMMDDHHMMSS_ identifies the 4-digit year, month, date, hour, minute, and second of the configuration.
An initial runtime configuration is now set up for your Messaging Server. To change any configuration parameter, refer to other parts of this document for instructions on doing so.
To start Messaging Server, use the following command:
{code}
<msg-svr-base>/sbin/start-msg
{code}
h6. To Perform a Silent Installation
The Messaging Server initial runtime configuration program automatically creates a silent installation _state_ file (called {{saveState}}) that can be used to quickly configure additional Messaging Server instances in your deployment where the Messaging Server packages have been installed. All of your responses to the configuration prompts are recorded in that file.
By running the silent installation, you instruct the {{configure}} program to read the silent installation state file. The {{configure}} program uses the responses in this file rather than ask the same installation questions again for subsequent initial runtime configurations of Messaging Server. When you use the state file in a new installation, you are not asked any questions. Instead, all of the state file responses are automatically applied as the new installation parameters.
The silent installation {{saveState _statefile_}} file is stored in the _msg-svr-base_{{/install/configure_}}_YYYYMMDDHHMMSS_ directory, where _YYYYMMDDHHMMSS_ identifies the 4-digit year, month, date, hour, minute, and second of the {{saveState}} file.
To use the silent installation _statefile_ to configure another Messaging Server instance on another machine in the deployment, follow these steps:
# Copy the silent installation _statefile_ to a temporary area on the machine where you are performing the new installation.
# Review and edit the silent installation _statefile_ as necessary.
You will probably want to change some of the parameters and specifications in the _statefile_. For example, the default email domain for the new installation may be different than the default email domain recorded in the _statefile_. Remember that the parameters listed in the _statefile_ are automatically applied to this installation.
# Run the following command to configure other machines with the silent installation file:
{code}
<msg-svr-base>/sbin/configure -nodisplay -noconsole -state <statefile>
{code}
where _statefile_ is file name of the {{saveState}} file, including the full path to the file. (See Step 1 of this section).
{info:title=Note}After running the silent installation program, a new _statefile_ is created from the silent installation in the _msg-svr-base_{{/install/configure_}}_YYYYMMDDHHMMSS_{{/saveState}} directory, where _YYYYMMDDHHMMSS_ identifies the 4-digit year, month, date, hour, minute, and second of the directory containing the {{saveState}} file.
{info}
h2. Installing Messaging Server Against a Directory Server Replica
The following conditions might prevent you from installing Messaging Server against a Directory Server master:
* You do not have Directory Server master credentials.
* Messaging Server cannot communicate directly with the Directory Server master.
h6. To Install Messaging Server Against a Directory Server Replica
# Run the {{comm_dssetup.pl}} program against all Directory Servers including the Directory Server replicas (see [Communications Suite Directory Server Setup Script (comm_dssetup.pl)]).
# Run the Messaging {{configure}} program using the replicated Directory Server credentials as described in [#Creating the Initial Messaging Server Runtime Configuration].
By default, this program is located in the _msg-svr-base_{{/sbin/configure}} directory.
Because of invalid privileges, the {{configure}} program fails in trying to configure the Directory Server Administrators. It does, however, produce the _msg-svr-base_{{/config/*.ldif}} files that are needed to allow proper privileges to the Directory Server replicas.
# Move the {{*.ldif}} files to the Directory Server master.
# Run the {{ldapmodify}} command on the {{*.ldif}} files.
See the Sun Java System Directory Server documentation for more information on {{ldapmodify}} or in the _msg-svr-base_{{/install/configure__YYYYMMDDHHMMSS_.log}}.
# Run the {{configure}} program again.
Your Directory Server replica (and master) are now configured to work with your Messaging Server.
h2. Installing Messaging Server Provisioning Tools
The following sections provide a summary of install information about the supported provisioning tools:
{toc-zone:minLevel=3|maxLevel=3|location=top|type=list}
h3. Understanding Schema and Provisioning Options
To learn more about the schema and provisioning options for Messaging Server and Communications Suite, see [Chapter 8, Understanding Schema and Provisioning Options|http://docs.sun.com/app/docs/doc/819-4439/acrfi?a=view], in the Sun Java Communications Suite 5 Deployment Planning Guide.
{excerpt:hidden=true}
(Note: Hiding this info for now. It is duplicated from http://docs.sun.com/app/docs/doc/819-2650/6n4u4dtlp?a=view. This page no longer should speak to iPlanet Delegated Administrator.)
Two GUI provisioning tools are available for Messaging Server, the iPlanet Delegated Administrator (Sun LDAP Schema 1) and the Communications Services Delegated Administrator (Sun LDAP Schema 2). This section discusses the former. For details on the latter see the [CommSuite:Delegated Administrator Administration Guide].\\
\\To install the iPlanet Delegated Administrator (Sun LDAP Schema 1), you need to download it from the Sun Software page. Contact your Sun Java System representative for information on the download location information.
{info:title=Note}
The iPlanet Delegated Administrator can only be installed after Messaging Server and Web Server are installed and configured. For more information on installing iPlanet Delegated Administrator, see the iPlanet Delegated Administrator documentation.\\
\\iPlanet Delegated Administrator is only available for those customers with existing Messaging Server 5.x installations and who are currently installing Messaging Server 6. It is not available to those customers new to the Messaging Server product.\\
\\iPlanet Delegated Administrator must be used with Sun Java System Web Server 6.0 (which is only bundled with the previous Messaging Server 5.2 product). You cannot use Web Server 6.1 (bundled with the Java Enterprise System installer) with iPlanet Delegated Administrator.
{info}
{info:title=Note}
When you install the following products, use the Java Enterprise System installer. Note that some of these products have their own configuration whereas other product configurators are embedded in the Java Enterprise System installer/configurator. For more information, refer to specific product documentation.
{info}
h6. To Install iPlanet Delegated Administrator
# Be sure that Sun Java System Directory Server 5.2 is installed and configured.
For more information, read the appropriate _Sun Java System Directory Server Installation Guide_.
# Install and configure Messaging Server.\\
\\Messaging Server will detect that you are using Sun LDAP Schema 1 since Sun Java System Access Manager will not be installed.
# Install Sun Java System Web Server 6.0 from your previous Messaging Server 5.2 bundle.\\
\\Review the Sun Java System Web Server documentation and the Sun Java System Delegated Administrator documentation.
# Install iPlanet Delegated Administrator for Messaging 1.2 Patch 2. \\
\\Contact your Sun support representative to obtain the latest version.\\
\\Refer to the iPlanet Delegated Administrator documentation.
{excerpt}
h3. LDAP Provisioning Tools
Sun LDAP Schema 1 users and groups can be provisioned using the LDAP Directory tools (Schema 2 is not supported).
h6. To Install Schema 1 LDAP Provisioning Tools
# If Directory Server is not already installed, be sure to install and configure it.
For more information, refer to the [_Sun Java Enterprise System 5 Installation Guide for UNIX_|http://docs.sun.com/doc/819-4891].
# Configure Access Manager to recognize data in your Directory Server.
Before Access Manager can recognize the data in your LDAP directory, you must add special object classes to entries for all organizations, groups and users that will be managed by Access Manager. If you have not done this already, do it before you start provisioning new accounts. Sample scripts are bundled in the Access Manager product to help you automatically add these object classes to your directory. For more information on these post-installation steps, see the _Sun Java System Access Manager Migration Guide_.
# Install and configure Messaging Server with help from this guide.
Messaging Server detects which Sun Java System LDAP Schema you are using, depending on whether or not Access Manager is installed.
# Install and configure Sun Java System Web Server 6.1 to enable mail filtering in Messenger Express.
For more information on enabling mail filtering, see [#Configuring Messenger Express and Communications Express Mail Filters].
Though mail filtering is not a provisioning tool, its functionality existed in the previous GUI version of Delegated Administrator for Messaging.
# Refer to the Sun Java System Messaging Server documentation to perform LDAP provisioning.
For Sun LDAP Schema 1 LDAP provisioning, use the [_iPlanet Messaging Server 5.2 Provisioning Guide_|http://docs.sun.com/doc/816-6018-10] and [CommSuite:Communications Suite Schema Reference], which contains object classes and attributes for both Sun LDAP Schema 1 and v.2.
{toc-zone}
h2. SMTP Relay Blocking
By default, Messaging Server is configured to block attempted SMTP relays; that is, it rejects attempted message submissions to external addresses from unauthenticated external sources (external systems are any other system than the host on which the server itself resides). This default configuration is quite aggressive in blocking SMTP relaying in that it considers all other systems to be external systems.
After installation, it is important to manually modify your configuration to match the needs of your site. Specifically, your messaging server should recognize its own internal systems and subnets from which SMTP relaying should always be accepted. If you do not update this configuration, you might encounter problems when testing your MTA configuration.
IMAP and POP clients that attempt to submit messages via Messaging Server system's SMTP server destined for external addresses, and which do not authenticate using SMTP AUTH (SASL), will find their submission attempts rejected. Which systems and subnets are recognized as internal is typically controlled by the {{INTERNAL_IP}} mapping table, which may be found in the _msg-svr-base{{_/config/mappings}} file.
For instance, on a Messaging Server system whose IP address is {{192.45.67.89}}, the default {{INTERNAL_IP}} mapping table would appear as follows:
{code}
INTERNAL_IP
$(192.45.67.89/32) $Y
127.0.0.1 $Y
* $N
{code}
The initial entry, using the {{$(IP-pattern/significant-prefix-bits)}} syntax, is specifying that any IP address that matches the full 32 bits of {{192.45.67.89}} should match and be considered internal. The second entry recognizes the loopback IP address {{127.0.0.1}} as internal. The final entry specifies that all other IP addresses should not be considered internal.
You can add additional entries by specifying additional IP addresses or subnets before the final {{$N}} entry. These entries must specify an IP address or subnet (using the {{$(.../...)}} syntax to specify a subnet) on the left side and {{$Y}} on the right side. Or you may modify the existing {{$(.../...)}} entry to accept a more general subnet.
For instance, if this same sample site has a class C network, that is, it owns all of the {{192.45.67.0}} subnet, then the site would want to modify the initial entry so that the mapping table appears as follows:
{code}
INTERNAL_IP
$(192.45.67.89/24) $Y
127.0.0.1 $Y
* $N
{code}
Or if the site owns only those IP addresses in the range {{192.45.67.80-192.45.67.99}}, then the site would want to use:
{code}
INTERNAL_IP
! Match IP addresses in the range 192.45.67.80-192.45.67.95
$(192.45.67.80/28) $Y
! Match IP addresses in the range 192.45.67.96-192.45.67.99
$(192.45.67.96/30) $Y
127.0.0.1 $Y
* $N
{code}
Note that the _msg-svr-base_{{/sbin/}}{{imsimta \-test\-match}} utility can be useful for checking whether an IP address matches a particular {{$(.../...)}} test condition. The {{imsimta test \-mapping}} utility can be more generally useful in checking that your {{INTERNAL_IP}} mapping table returns the desired results for various IP address inputs.
After modifying your {{INTERNAL_IP}} mapping table, be sure to issue the _msg-svr-base/_{{sbin/imsimta cnbuild}} and the _msg-svr-base_{{/_sbin/}}{{imsimta \-restart}} utilities so that the changes take effect.
Further information on the mapping file and general mapping table format, as well as information on {{imsimta}} command line utilities, can be found in [Chapter 2, Message Transfer Agent Command-line Utilities|http://docs.sun.com/doc/819-4429/acmev?a=view], in the _Sun Java System Messaging Server 6.3 Administration Reference_. In addition, information on the {{INTERNAL_IP}} mapping table can be found in [To Add SMTP Relaying|http://docs.sun.com/app/docs/doc/819-4428/bgauv?a=view].
h2. Enabling Startup After a Reboot
You can enable Messaging Server startup after system reboots by using the bootup script: _msg-svr-base{{_/lib/}}{{Sun_MsgSvr}}. That is, by default, Messaging Server will not restart after a system reboot unless you run this script. In addition, this script can also start up your MMP, if enabled.
h6. To Enable Messaging Server After a Reboot
# Copy the {{Sun_MsgSvr}} script into the {{/etc/init.d}} directory.
# Change the following ownerships and access modes of the {{Sun_MsgSvr}} script:
||Ownership (chown(1M))||Group Ownership (chgrp(1M))||Access Mode (chmod(1M)) ||
|{{root}} (superuser)|{{sys}}|0744|
# Go to the {{/etc/rc2.d}} directory and create the following link:
{code}
ln /etc/init.d/Sun_MsgSvr S92Sun_MsgSvr
{code}
# Go to the {{/etc/rc0.d}} directory and create the following link:
{code}
ln /etc/init.d/Sun_MsgSvr K08Sun_MsgSvr
{code}
h2. Handling sendmail Clients
If end users send messages through {{sendmail}} clients, you can configure Messaging Server to work with those clients over protocol. Users can continue to use the UNIX {{sendmail}} client.
To create compatibility between sendmail clients and Messaging Server, you can create and modify a {{sendmail}} configuration file.
Each time a new {{sendmail}} patch is applied to your system, you will need to modify the {{submit.cf}} file as described in [#To Create the sendmail Configuration File on Solaris OS 9 Platforms]. On Solaris 8, follow the instructions in [#To Obtain the Proper Version of the /usr/lib/sendmail on Solaris OS 8].
When you installed previous versions of Messaging Server, the {{/usr/lib/sendmail}} binary was replaced with a component of the Messaging Server product. In Messaging Server 6.0 to the current version, this replacement during install is no longer necessary. Therefore, you may need to obtain the proper version of the {{/usr/lib/sendmail}} binary from the most current sendmail patch.
On Solaris OS 9 platforms, {{sendmail}} is no longer a {{setuid}} program. Instead, it is a {{setgid}} program.
h6. To Obtain the Proper Version of the /usr/lib/sendmail on Solaris OS 8
# Find the file {{main-v7sun.mc}} file in directory {{/usr/lib/mail/cf}} and create a copy of this file.
In the example in this section, a copy called {{sunone-msg.mc}} is created.
# In the {{sunone-msg.mc}} file, add the following lines before the {{MAILER}} macros:
{code}
FEATURE(`nullclient’, `smtp:rhino.west.sesta.com’)dnl
MASQUERADE_AS(`west.sesta.com’)dnl
define(`confDOMAIN_NAME’, `west.sesta.com’)dnl
{code}
{{rhino.west.sesta.com}} is the localhost name and {{west.sesta.com}} is the default email domain as described in [#Creating the Initial Messaging Server Runtime Configuration]. In an HA environment, use the logical host name. See [CommSuite:Configuring Messaging Server for High Availability] for more information about logical hostnames for high availability.
# Compile the {{sunone-msg.mc}} file:
{code}
/usr/ccs/bin/make sunone-msg.cf
{code}
The {{sunone-msg.mc}} will output {{sunone-msg.cf}}.
# Make a backup copy of the existing {{sendmail.cf}} file located in the {{/etc/mail}} directory.
## Copy and rename {{/usr/lib/mail/cf/sunone-msg.cf}} to {{sendmail.cf}} file.
## Move the new {{sendmail.cf}} file to the {{/etc/mail}} directory.
h6. To Create the sendmail Configuration File on Solaris OS 9 Platforms
# Find the file {{submit.mc}} file in directory {{/usr/lib/mail/cf}} and create a copy of this file.
In the example in this section, a copy called {{sunone-submit.mc}} is created.
# Change the following line in the file {{sunone-submit.mc:}}
{code}
FEATURE("msp’)dn
{code}
to
{code}
FEATURE("msp’, "rhino.west.sesta.com’)dnl
{code}
where {{rhino.west.sesta.com}} is the localhost name.
{{rhino.west.sesta.com}} is the localhost name and {{west.sesta.com}} is the default email domain as described in [#Creating the Initial Messaging Server Runtime Configuration]. In an HA environment, use the logical host name. See [CommSuite:Configuring Messaging Server for High Availability] for more information about logical hostnames for high availability.
# Compile the {{sunone-submit.mc}} file:
{code}
/usr/ccs/bin/make sunone-submit.cf
{code}
The {{sunone-submit.mc}} will output {{sunone-submit.cf}}.
# Make a backup copy of the existing {{submit.cf}} file in the {{/etc/mail}} directory.
## Copy and rename {{/usr/lib/mail/cf/sunone-submit.cf}} file to {{submit.cf}} file.
## Move the new {{submit.cf}} file to the {{/etc/mail}} directory.
h2. Configuring Messenger Express and Communications Express Mail Filters
Mail filters are accessible through Messenger Express and Communications Express. There is no need to deploy the {{.war}} file if you use only Communications Express, but to deploy the mail filters within Messenger Express you need to issue the following commands:
_If using Web Server as your web container:_
{code}
# cd <web-svr-base>/bin/https/httpadmin/bin
# ./wdeploy deploy -u /MailFilter -i https-<srvr>_instance -v https-virtual_<srvr>_instance <msg-svr-base>/SUNWmsgmf/MailFilter.war
{code}
_If using Application Server as your Web container:_
{code}
# cd <app-svr-base>/sbin
# ./asadmin
asadmin> deploy --user admin <msg-svr-base>/SUNWmsgmf/MailFilter.war
{code}
In both cases, set the following {{configutil}} parameter and restart {{mshttpd}}:
{code}
# cd <msg-svr-base>/sbin
# ./configutil -o "local.webmail.sieve.port" -v "<WS-port-no>|<AS-port-no>"
# ./stop-msg http
# ./start-msg http
{code}
Information on mail filters for end-users is available in the Messenger Express and Communications Express online help files.
h2. Performance and Tuning
Refer to [Performance Considerations for a Messaging Server Architecture|http://docs.sun.com/doc/819-4439/acriq?a=view] in the _Sun Java Communications Suite 5 Deployment Planning Guide_.
h2. Post-Installation Directory Layout
After installing the Sun Java System Messaging Server, its directories and files are arranged in the organization described in the following table. The table is not exhaustive; it shows only those directories and files of most interest for typical server administration tasks.
h6. Post-Installation Directories and Files
||Directory||Default Location and Description||
|Messaging Server Base\\
\\(_msg_svr_base_)|{{/opt/sun/comms/messaging/}} or {{/opt/sun/comms/messaging64/}}\\
\\(default location)\\
\\The directory on the Messaging Server machine dedicated to holding the server program, configuration, maintenance, and information files.\\
\\Only one Messaging Server Base directory per machine is permitted.|
|Configuration\\
\\ {{config}}|{{_msg_svr_base_/config/}}\\
\\Contains all of the Messaging Server configuration files such as the {{imta.cnf}} and the {{msg.conf}} files.\\
\\On Solaris and Linux platforms only: This directory is symbolically linked (on UNIX platforms) to the {{config}} subdirectory of the data and configuration directory (default: {{/var/opt/sun/comms/messaging/}}) or {{/var/opt/sun/comms/messaging64/}} that you specified in the initial runtime configuration.|
|Log\\
\\ {{log}}|{{_msg_svr_base_/log/}}\\
\\Contains the Messaging Server log files like the {{mail.log_current}} file.\\
\\On Solaris and Linux platforms only: This directory is symbolically linked (on UNIX platforms) to the {{log}} subdirectory of the data and configuration directory (default: {{/var/opt/sun/comms/messaging/}}) or {{/var/opt/sun/comms/messaging64/}} that you specified in the initial runtime configuration.|
|Data\\
\\ {{data}}|{{_msg_svr_base_/data/}}\\
\\(required location)\\
\\Contains databases, configuration, log files, site-programs, queues, store and message files.\\
\\The {{data}} directory includes the {{config}} and {{log}} directories.\\
\\On Solaris and Linux platforms only: This directory is symbolically linked (on UNIX platforms) to the data and configuration directory (default: {{/var/opt/sun/comms/messaging/}} or {{/var/opt/sun/comms/messaging64}}) that you specified in the initial runtime configuration.|
|System Administrator Programs\\
\\ {{sbin}}|{{_msg_svr_base_/sbin/}}\\
\\(required location)\\
\\Contains the Messaging Server system administrator executable programs and scripts such as {{imsimta}}, {{configutil}}, {{stop-msg}}, {{start-msg}}, and {{uninstaller}}.|
|Library\\
\\ {{lib}}|{{_msg_svr_base_/lib/}}\\
\\(required location)\\
\\Contains shared libraries, private executable programs and scripts, daemons, and non-customizable content data files. For example: {{imapd}} and {{qm_maint.hlp.}}|
|SDK Include Files\\
\\ {{include}}|{{_msg_svr_base_/include/}}\\
\\(required location)\\
\\Contains Messaging header files for Software Development Kits (SDK).|
|Examples\\
\\ {{examples}}|{{_msg_svr_base_/examples/}}\\
\\(required location)\\
\\Contains the examples for various SDKs, such as Messenger Express AUTH SDK.|
|Installation Data\\
\\ {{install}}|{{_msg_svr_base_/install/}}\\
\\(required location)\\
\\Contains installation-related data files such as installation log files, silent installation files, factory default configuration files, and the initial runtime configuration log files.|
h2. Post-Installation Port Numbers
In the installation and initial runtime configuration programs, port numbers will be chosen for various services. These port numbers can be any number from 1 to 65535. The following table lists the port numbers that are designated after installation.
h6. Port Numbers Designated During Installation
||Port Number||Service ({{configutil}} parameter)||
|389|Standard Directory Server LDAP Port on the machine where you install Directory Server. This port is specified in the Directory Server installation program. ({{local.ugldapport}})|
|110|Standard POP3 Port. This port may conflict with the MMP port if installed on the same machine. ({{service.pop.port}})|
|143|Standard IMAP4 Port. This port may conflict with the MMP port if installed on the same machine. ({{service.imap.port}})|
|25|Standard SMTP Port. ({{service.http.smtpport}})|
|80|Messenger Express HTTP Port. This port may conflict with the Web Server port if installed on the same machine. ({{service.http.port}})|
|995|POP3 over SSL port. For encrypted communications. ({{service.pop.sslport}})|
|993|IMAP over SSL Port. For encrypted communications. This port may conflict with the MMP port if installed on the same machine. ({{service.imap.sslport}})|
|443|HTTP over SSL Port. For encrypted communications. ({{service.http.sslport}})|
|7997|Messaging and Collaboration Event Notification Service (ENS) Port.|
|27442|Port that is used by the Job Controller for internal product communication.|
|49994|Port that is used by the Watcher for internal product communication. See the?? Sun Java System Messaging Server Administration Guide?? for more information on the Watcher. ({{local.watcher.port}})|
If certain products are installed on the same machine, you will encounter port number conflicts. The following table shows potential port number conflicts.
h6. Potential Port Number Conflicts
||Conflicting Port Number||Port||Conflicting Port||
|995|POP3 over SSL|MMP POP3 Proxy with SSL|
|143|IMAP Server|MMPIMAP Proxy|
|110|POP3 Server|MMPPOP3 Proxy|
|993|IMAP over SSL|MMPIMAP Proxy with SSL|
|80|Web Server port|Messenger Express|
If possible, you should install products with conflicting port numbers on separate machines. If you are unable to do so, then you will need to change the port number of one of the conflicting products.
h6. To Change Port Numbers
# Use the {{configutil}} utility to change port numbers.
See [configutil|http://docs.sun.com/doc/819-4429/acmat?a=view] in the _Sun Java System Messaging Server 6.3 Administration Reference_ for complete syntax and usage.
h6. Example: Changing the Messenger Express HTTP Port Number
The following example uses the {{service.http.port}} {{configutil}} parameter to change the Messenger Express HTTP port number to {{8080}}.
{code}
configutil -o service.http.port -v 8080
stop-msg http
start-msg http
{code}